How to set up Grafana so that no password is necessary to view dashboards

Question

Despite these settings, Grafana still requires the use of a password to view Dashboards. Can someone please help me with the correct settings?

[auth.anonymous]
# enable anonymous access
enabled = true

[auth.basic]
enabled = false

this change work but the user can navigate and view all the dashboards, I just want them to view via link, any extra setting required? embed option works but from the port 3000 they can view all — Srinath Ganesh, Oct 01 '18 at 05:06
See https://grafana.com/docs/auth/overview/#anonymous-authentication — Stefan Birkner, Jun 20 '19 at 21:04

score 87 · Accepted Answer · edited Jul 24 '19 at 15:32

87

Thanks @Donald Mok for his answer; I just want to make it as clear as possible. In the Grafana interface you can create an organization. After that you can create some dashboards for this organization. So, there is a problem that you need to specify the organization for anonymous users. And it should be a real organization (for your Grafana). And anonymous users will be able to see only dashboards from this organization.

#################################### Anonymous Auth ##########################
[auth.anonymous]
# enable anonymous access
enabled = true

# specify organization name that should be used for unauthenticated users
org_name = ORGANIZATION

edited Jul 24 '19 at 15:32

Boann

48,794
16
117
146

answered Mar 15 '16 at 14:35

Jimilian

3,859
30
33

11

Is it possible for an anonymous user to see dashboards from multiple organizations? – Rickkwa Feb 24 '17 at 20:58
3

This literally saved me :D – FranzHuber23 Mar 30 '19 at 21:51
1

Keep in mind anonymous users in Grafana can access still some menu's today. Including Explore. – Melroy van den Berg Jan 15 '21 at 21:56
1

none of the answers work for me, i am still presented with login form, or if disable_login_form=true with *welcome to Grafana" message and no way past it. Grafana ver 7.3.0. My goal is yo never see login form period. – Dmitry z Jun 15 '22 at 14:14
This still works and is documented here: https://grafana.com/docs/grafana/latest/setup-grafana/configure-security/configure-authentication/grafana/#anonymous-authentication – davegallant Nov 23 '22 at 16:09
To anyone else: remove the ; comment indicator at the beginning of the lines I spent an embarrassingly long time trying to fix this – Diamond Dec 31 '22 at 01:40
I'd like to add that this configuration could be overridden with environment variables to avoid editing config files (very useful with Docker) as explained here https://grafana.com/docs/grafana/latest/setup-grafana/configure-grafana/#override-configuration-with-environment-variables – zguesmi Mar 13 '23 at 16:15

score 33 · Answer 2 · edited Jul 24 '19 at 15:47

To setup login for anonymous users you need to make these small configuration changes in the default.ini/grafana.ini file (Grafana\conf).

If you want to hide the login page do this configuration:

[auth]
# Set to true to disable (hide) the login form, useful if you use OAuth
#disable_login_form = false 
disable_login_form = true

Change disable_login_form to true.

Enable anonymous access:

[auth.anonymous]
# enable anonymous access 
enabled = true

Specify the organization:

# specify organization name that should be used for unauthenticated users
org_name = YOUR_ORG_NAME_HERE

Restart Grafana and you should be able to see the Grafana dashboard. If not, just change your org role from Viewer to Editor:
```
# specify role for unauthenticated users
org_role = Editor
```

@Matteo , it been almost 4 year, i am not sure about this – Mahadev Gouda Jul 28 '22 at 09:45 — Mahadev Gouda, Jul 28 '22 at 09:45

score 10 · Answer 3 · edited Jul 24 '19 at 15:35

I had this issue, but the root cause in my case was a tiny mistake. I checked the grafana.log file and found that:

"2016/02/12 09:24:57 [middleware.go:62 initContextWithAnonymousUser()] [E] Anonymous access organization error: 'Anonymous Org.': Organization not found"

I changed the org_name in grafana.ini, and after restarting Grafana, things worked well as I intended.

I recommend you check your grafana.log file to see what's wrong with your configuration.

score 6 · Answer 4 · edited Jul 24 '19 at 15:40

First of all, in grafana.ini adjust the following values:

[auth.anonymous]
# enable anonymous access
enabled = true

# specify organization name that should be used for unauthenticated users
org_name = YOUR_ORG_NAME_HERE

# specify role for unauthenticated users
org_role = SOME_USER_NAME_HERE # e.g. Anonymous

Now, after restarting Grafana, log in and make sure there is another user than admin created. If not, create one. The values in the user creation dialogue are actually unimportant to achieve the task.

Finally, set the same organisation name under global orgs to match your grafana.ini value. Also, make sure the user you created has the role you set in grafana.ini (in my example the role would be "Anonymous").

score 6 · Answer 5 · answered May 03 '21 at 15:59

First your configuration should look like this:

[auth.anonymous]
# enable anonymous access 
enabled = true

# specify organization name that should be used for unauthenticated users
org_name = ORGANIZATION

# specify role for unauthenticated users
org_role = Viewer

[auth]
# Set to true to disable (hide) the login form, useful if you use OAuth
disable_login_form = true

Then you need to make an organization on the Server Admin page on the Grafana website with the exact same name as you specified here: org_name = ORGANIZATION

If you then make a dasbhoard with some panels you can share the dashboard or a specific panel with <iframe>, you can find more info here

^ This was my issue. The config was ok but the `org_name` didn’t point to an existing organization. Creating it in the dashboard (or renaming the default one) did it. — bfontaine, Mar 09 '22 at 16:09

score 0 · Answer 6 · answered Apr 13 '20 at 11:35

Here is what i did for my Caddy proxy which uses client-cert auth already. Beware, this still exposes your datasource to the public! Be sure to replace your@email.com with your email and the Caddy proxy ip in grafana.ini.

Caddyfile

grafana.****.***, gf.****.*** {
    tls your@email.com {
        clients /mnt/user/appdata/caddy/conf/ca.crt
    }

    proxy / http://10.0.1.39:3000 {
        transparent
        websocket
        insecure_skip_verify
        header_upstream X-WEBAUTH-USER "admin"
    }
}

gf-pub.****.*** {
    tls your@email.com

    proxy / http://10.0.1.39:3000 {
        transparent
        websocket
        insecure_skip_verify
        header_upstream X-WEBAUTH-USER "public"
    }
}

grafana.ini

[auth.proxy]
enabled = true
header_name = X-WEBAUTH-USER
header_property = username
enable_login_token = false
whitelist = 10.0.1.3 <-- Your Caddy IP

How to set up Grafana so that no password is necessary to view dashboards

6 Answers6

Linked